Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.8
CVSSv3

CVE-2016-7168

Published: 05/01/2017 Updated: 04/11/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 314
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Wordpress

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress prior to 4.6.1 might allow remote malicious users to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

Vendor Advisories

Debian CVElist Bug Report Logs: wordpress: CVE-2016-6896 CVE-2016-6897
Debian Bug report logs - #837090 wordpress: CVE-2016-6896 CVE-2016-6897 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Sep 2016 17:39:02 UTC Severity: grave Tags: security, upstream Found in version wordpres ...
Debian Security Advisories: DSA-3681-1 wordpress -- security update
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, cross-site request forgery, path traversal, or bypass restrictions For the stable distribution (jessie), these problems have been fixed in version 41+dfsg-1+deb8u10 We recommend that you upg ...
Arch Linux Issues:
A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin A WordPress admin can be tricked into uploading a malicious image file requested by a user this admin trusts or a popular malicious image that was spread via social media ...

Github Repositories

https://github.com/alem-m/WordPressVSKali

Pen-testing - Finding, analyzing, recreating, and documenting five vulnerabilities affecting an old version of WordPress

Project 7 - WordPress Pen Testing Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pen Testing Report 1 Unauthenticated Stored Cross-Site Scripting (CVE-2015-3440) Summary: An unathorized user/attacker can inject JavaScrip in WordPress comments, which will be triggered when the comment is viewed If triggered by a

https://github.com/deltastrikeop/CS7

CS7 Total Hours: 20 (lots of hair was pulled out during vagrant/wp installation) Username Enumeration Found in WP 42, patched in 410

https://github.com/breindy/Week7-WordPress-Pentesting

CodePath University's Web Security - Week 7: WordPress Pentesting (Spring 2018)

CodePath University's Web Security Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) 422 - Authenticated Stored Cross-Site Scripting (XSS) Summary: A stored XSS vulnerability in WordPress allows an user with the

https://github.com/lindaerin/wordpress-pentesting

wordpress pentesting vulnerabilities affecting old version

WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report 422 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability types: 42~ Tested in version: 42 Fixed in version: 423 GIF Walkthrough:

https://github.com/lindaerin/WP-Pentesting

wordpress pentesting vulnerabilities affecting old version

WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report 422 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability types: 42~ Tested in version: 42 Fixed in version: 423 GIF Walkthrough:

https://github.com/hungie1122/cybersec_kali_vs_old_wp_p7

Hung_Nguyen_Cybersecurity_University Project 7 - WordPress Pentesting Time spent: 6 hours spent in total Objective: Find, analyze, recreate, and document three (required) to five (optional) vulnerabilities affecting an old version of WordPress Pentesting Report (Required) 40-472 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds Summary: Vulnerabi

https://github.com/KushanSingh/Codepath-Project7

Contains the assignment for codepath week 7.

Project 7 - WordPress Pen Testing Time spent: 8 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pen Testing Report 1 Unauthenticated Stored Cross Site Scripting (CVE-2015-3440) Summary: If the comment text is long enough, it will be truncated when inserted in the database which results in malf

https://github.com/smnalley/Codepath-Assignment-7

Procedures and proofs of concept for Assignment 7, Kali Linux vs. Wordpress

Codepath-Assignment-7 Procedures and proofs of concept for Assignment 7, Kali Linux vs Wordpress Exploit 1: Cross-site scripting via comment section, CVE unknown, Ver <=42 klikkifi/adv/wordpress2html Go to the comment section of any post on version 42 of Wordpress or earlier Inject a malicious script into a comment There appear to be no escaping requirem

https://github.com/zyeri/wordpress-pentesting

Project 7 - WordPress Pentesting (CSE 4253)

Project 7 - WordPress Pentesting Time spent: 3 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report CVE-2016-7168 Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 461 Steps to recreate: Create an image with a name containing something like <

https://github.com/Calberrycoder/CodePath-Assignments

CodePath-Assignments Project 7 - WordPress Pentesting Time spent: 6 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report CVE 2015-5622 Wordpress 43 - Authenticated Shortcode Tags Cross-Site Scripting Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 43

https://github.com/zakia00/Week7Lab

Week7Lab -Exploit #1: WordPress 42 - Persistent Cross-Site Scripting: Description: WordPress 42 is vulnerable to a stored XSS A user can inject JavaScript code in WordPress comments The user first makes the comment text too long (at least 64 KB because The MySQL TEXT type size limit is 64 kilobytes) such that it is inserted into the database as truncated The truncation r

References

CWE-79https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.htmlhttps://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0https://codex.wordpress.org/Version_4.6.1http://www.securityfocus.com/bid/92841http://www.openwall.com/lists/oss-security/2016/09/08/24http://www.openwall.com/lists/oss-security/2016/09/08/19https://wpvulndb.com/vulnerabilities/8615http://www.debian.org/security/2016/dsa-3681https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090https://nvd.nist.govhttps://github.com/alem-m/WordPressVSKalihttps://www.debian.org/security/./dsa-3681
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook